ceph: fix CVE-2020-10736 - linux/meta-virtualization.git - Mirror of git.yoctoproject.org/meta-virtualization

diff options

author	jason.lau <Haitao.Liu@windriver.com>	2020-07-03 17:28:26 +0800
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2020-07-06 16:28:54 -0400
commit	3bfea241d032c78f2fac73b13ece0238bd37f19d (patch)
tree	91ede981811003ef34c78825d26ab360870b90c7 /recipes-core
parent	98f86a681d92ee64c2e79f5c7ccb89415f7e75cc (diff)
download	meta-virtualization-3bfea241d032c78f2fac73b13ece0238bd37f19d.tar.gz

ceph: fix CVE-2020-10736

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. Upstream patches: [master] https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 [v15.2.2] https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 CVE: CVE-2020-10736 Signed-off-by: Liu Haitao <haitao.liu@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

Diffstat (limited to 'recipes-core')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: